On January 11, the UK National Crime Agency (NCA) said that Robert Davies first appeared on the radar in 2019 after purchasing and downloading a variety of malware, including crypters – used to encrypt, hide, and obfuscate payloads such as Trojans – and a number of RATs. RATs can be used to forge a remote link between an attacker and a victim device, steal information, and conduct surveillance through microphones and cameras.

Law enforcement says that the 32-year-old was also a customer of Weleakinfo, an online marketplace that offered stolen credentials. According to the NCA, the platform hosted roughly 12 billion stolen credential records obtained from over 10,000 data breaches.

Weleakinfo’s domain was seized in 2020 in an operation involving the NCA, US Department of Justice (DoJ), and other criminal agencies.

Davies, a resident of Nottingham, spent years using malware to infect phones and PCs. The RATs were packaged up through crypter software and victims were lured into downloading the malware, often through private messages.

“Davies was using numerous fake online profiles to mask his identity and contact his victims on various messaging apps, in an attempt to build a relationship with them and attack their devices using links sent through the chats,” the NCA says. “There was evidence that he had been doing this over a number of years.”

Once malware was executed on a victim’s device, Davies would use his remote access to rifle through PCs and handsets, stealing any explicit material stored on them.

In at least one case, he also spied on a teenage girl through her webcam and covertly took indecent images of her without consent.

UK law enforcement arrested Davies three times between 2019 and 2021 and seized a number of devices from his home. The NCA has identified over 30 victims and obtained 28 explicit images and videos of children. Overall, most of the images discovered by police were of females.

It took some time for investigators to realize the full scope of his activities, resulting in charge after charge being stacked against him. Davies pleaded guilty to voyeurism, three counts of possessing indecent images of children, the possession of extreme pornographic content, and a total of 24 Computer Misuse Act offenses.

Sentencing took place this week at Nottingham Crown Court and Davies will spend 26 months in prison. In addition, the judge imposed a 10-year sexual harm prevention order, a 10-year restraining order on five victims, and Davies has been placed on the sex offenders’ register.

“Davies had amassed what can only be described as a cyber criminal’s toolkit,” commented Andrew Shorrock, Operations Manager of the NCA’s National Cyber Crime Unit. “Not only was he using these tools to break into people’s devices, he was using them to spy on his unsuspecting victims and to steal naked images of them for his own sexual gratification.”
